For any library that invests in IGI Global's InfoSci-Books and/or InfoSci-Journals databases, IGI Global will match the library’s investment with a fund of equal value to go toward subsidizing the OA APCs for their faculty patrons when their work is submitted/accepted under OA into an IGI Global journal.

Subscribe to the Latest Research Through IGI Global's InfoSci-OnDemand Plus

InfoSci®-OnDemand Plus, a subscription-based service, provides researchers the ability to access full-text content from over 100,000+ peer-reviewed book chapters and 25,000+ scholarly journal articles that spans across 350+ topics in 11 core subjects. Users can select articles or chapters that meet their interests and gain access to the full content permanently in their personal online InfoSci-OnDemand Plus library.

Purchase the Encyclopedia of Information Science and Technology, Fourth Edition

and Receive Complimentary E-Books of Previous Editions

When ordering directly through IGI Global's Online Bookstore, receive the complimentary e-books for the first, second, and third editions with the purchase of the Encyclopedia of Information Science and Technology, Fourth Edition e-book.

Create a Free IGI Global Library Account to Receive a 25% Discount on All Purchases

Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 25% discount on single all titles, as well as the award-winning InfoSci®-Databases.

Abstract

Cloud computing is a major transition, and it comes at a unique historical and strategic time for applying foundational design thinking to secure the next-generation computing infrastructure and enable waves of business and technological innovation. In this chapter, the researcher summarizes six key research and development areas for designing a forensic-enabling cloud ecosystem, including architecture and matrix, standardization and strategy, evidence segregation, security and forensic integration, legal framework, and privacy.

Introduction

Cloud computing is like a supercomputer split among cloud actors connected and delivered via networks. The split of technical infrastructure as an evolutionary computing service delivery model provides massive cost reduction and increases resource utilization. The split among cloud actors, on the other hand, requires new interfaces, trust and transparency, as well as legal framework to ensure smooth and secure service delivery with clearly defined segregation of duties for all cloud actors to implement relevant technical, organizational, and legal controls and mechanisms. Foundational thinking for designing standards, system architecture, and research roadmaps are needed at the current stage of cloud development. In this chapter, the researcher discusses the importance and strategies for designing a forensic-enabling cloud ecosystem.

With the ever-rising cyber crime and the rapid emergence of cloud computing, digital investigations are faced with significant challenges. While data are being migrated to cloud computing environments, so does digital evidence. In 2011, hackers rented Amazon servers and triggered the second-largest online data breach in U.S. history (Galante, et al., 2011). Cases as such cannot be handled by traditional digital forensic tools and procedures due to cloud forensic challenges outlined by pioneering researchers in Spyridopoulos and Katos (2011), Birk and Wegener (2011), Biggs and Vidalis (2009), Ruan et al. (2011a). At the meantime, global cybercrime is growing at an astonishing rate causing devastating financial losses. Annual loss caused by cyber crime in Europe alone is estimated to be 750 billion Euros (Cheslow, 2012). Designing a forensic-enabling cloud ecosystem is thus of high importance in order to prevent explosive growth of cybercrime in cloud environments due to lack of forensic considerations during cloud adoption.

The Information Society Alliance published a report (ISA, 2010), and it argues that the solution to current cyber security challenge is a fundamental change in market behavior so that the complex IT systems, on which society increasingly depends, have security embedded from the start rather than added as an afterthought. This did not happen in the history of the computer era. Even though John von Neumann designed the first theoretical computer virus (Neumann, 1949), he did not include security design in his own computer architecture known as the von Neumann Architecture (Neumann, 1945). Gartner (2012) estimates that personal cloud will replace personal computer by 2014, however, study shows security still is an afterthought during cloud adoption (Ernst & Young, 2011). Compare to security, forensic implementations have been an “after-after-thought.” Anderson et al. (2012) carried out a research aimed to scientifically estimate the cost of cyber crime, and it concludes that “we should spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response, i.e., the prosaic business of hunting down cyber criminals and throwing them in jail.” The good news is that cloud computing is still at early stage of development and it is expected to reach maturity in another 10 years (Thomason, 2010, CSA & ISACA, 2012). According to CIO and CAOC (2012), cloud computing represents a paradigm shift that is larger than IT. This new paradigm requires agencies to re-think not only the way they acquire IT services in the context of deployment, but also how the IT services they consume provide mission and support functions on a shared basis. Researcher believes that now is a historically unique timing for including security and forensic implementations by design into cloud architecture iterations, and it might not be too late to change the game.